a Code Division Multiple Access single-carrier system (CDMA 1X) network and an EVDO network have coexisted for a long period of time during evolution of a Code Division Multiple Access (CDMA) carrier system network toward the 3rd Generation (3G) wireless communication network. An authentication method for the EVDO network and that for the CDMA 1X network differ in that a Message Digest 5 (MD5) authentication method is adopted for the EVDO network and a Cellular Authentication and Voice Encryption (CAVE) authentication method is adopted for the CDMA 1X network and hardened in a User Identity Model (UIM) card. In order to be able to support the use of the UIM card for the CDMA 1X network in the EVDO network, it is necessary for the existing authentication method for the EVDO network to support both the MD5 authentication method and the CAVE authentication method concurrently.
The authentication method for the EVDO network is performed generally in two processes: firstly a mobile terminal initiates Network Access Identifier (NAI) authentication, and then an authentication server initiates Challenge Handshake Authentication Protocol (CHAP) authentication. Processing flows of the two processes in a current general platform are as follows:
In the NAI authentication process, the mobile terminal firstly performs an operation of reading the UMI card, and if an identifier supporting the MD5 authentication method stored in the UIM card is read out, that is, if the value at the N5 position is 11, then the mobile terminal retrieves an NAI from the UMI card and transmits the retrieved NAI to the authentication server for authentication; otherwise, it is determined that an authentication method supported by the UIM card is the CAVE authentication method, and the mobile terminal retrieves an International Mobile Subscriber Identity (IMSI) from the UIM card and adds @mycdma.cn resulting in the NAI in the format of IMSI@mycdma.cn, and the mobile terminal transmits the resulting NAI to the authentication server for authentication.
In the CHAP authentication process, the authentication server transmits to the mobile terminal a CHAP authentication request including a name of the CHAP authentication request, a description of the CHAP authentication request and a key value for authentication with a length of, e.g., 16 bytes. Upon reception of the CHAP authentication request, the mobile terminal retrieves the key value and then invokes the MD5 authentication method for calculation if an identifier supporting the MD5 authentication method is stored in the UIM card as determined in the NAI authentication process; otherwise, the mobile terminal invokes the CAVE authentication method for calculation if the UIM card supports the CAVE authentication method. A calculated authentication key value with the same length as that of the key value is transmitted to the authentication server and passes CHAP authentication after being verified by the authentication server without any error.
Next the authentication server transmits to the mobile terminal a username and a password for the mobile terminal to log on the EVDO network, and the mobile terminal logs on the EVDO network, so that the entire authentication process ends.
Since some inevitable human mistakes may occur in the existing hybrid network, the foregoing authentication process suffers from some obvious drawbacks, thus failing to pass authentication in the EVDO network.
Firstly in the NAI authentication process, there are a large number of UIM cards on the current market in which an identifier supporting the MD5 authentication method is stored incorrectly because No NAI is written or an NAI is incorrectly written into the cards due to a mistake occurring in a production process, so that NAI authentication will fail.
Secondly in the CHAP authentication process, the authentication server of the EVDO network may have a drawback because the authentication server may support only the CAVE authentication method but not the MD5 authentication method, so that in the CHAP authentication process, when the MD5 authentication method is invoked to calculate and transmit a set of authentication key values to the authentication server for authentication if an identifier supporting the MD5 authentication method is stored in the UIM card, CHAP authentication may fail because the authentication server does not support the MD5 authentication method. Furthermore there are some UIM cards on the market in which an identifier supporting the MD5 authentication method is stored incorrectly because such a mistake occurs in a production process that the MD5 authentication method is not written into the UIM cards although an identifier supporting the MD5 authentication method is stored therein, that is, the value at the N5 position is 11, so that the MD authentication method may fail to be invoked in the CHAP authentication process and thus CHAP authentication will fail.